package com.catal.framework.filter.dwr;

import java.lang.reflect.Method;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;

import org.directwebremoting.AjaxFilter;
import org.directwebremoting.AjaxFilterChain;
import org.directwebremoting.WebContext;
import org.directwebremoting.WebContextFactory;

/**
 * DWR方法操作权限过滤器
 * @author chensr
 *
 */
public class DWRAuthFilter implements AjaxFilter {

	public Object doFilter(Object object, Method method, Object[] arr,
			AjaxFilterChain chain) throws Exception {
		// 获取session
		WebContext ctx = WebContextFactory.get();
		HttpServletRequest request = ctx.getHttpServletRequest();
		HttpSession session = request.getSession();
		String flag = (String) session.getAttribute("flag");
//		if (null == flag) {
//			System.out.println("session验证失败");
//			return "session_error";
//		}
		String className = object.getClass().getName();
		// 拦截调用方法
		String methodName = method.getName();
		System.out.println("拦截目标方法：" + methodName);

		if (!CheckLimit(className + "." + methodName)) {
			System.out.println("权限验证失败");
			return "limit_error";
		}
		Object obj = chain.doFilter(object, method, arr);
		System.out.println("目标方法" + method.getName() + "执行结束");
		return obj;
	}

	/**
	 * 操作权限判断该方法是否已配置了权限，如果配了，就查找该用户是否有权操作，即是否有权访问调用该方法。查询权限的话...
	 * @param methodName
	 * @return
	 */
	private boolean CheckLimit(String methodName) {
		return true;
	}
}
